Splunk® SOAR (On-premises)

Administer Splunk SOAR (On-premises)

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Splunk® SOAR (On-premises). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Create custom status labels in

You can create additional status labels for the events and cases in as needed for your business processes.

Statuses are grouped into three categories: New, Open, and Resolved. You can create up to 10 total status labels in .

Status label rules

Status labels must adhere to the following rules:

  • At least one status label must exist for each of the status categories.
  • The labels New, Open, and Closed are available upon upgrade. These three labels can be deleted, removing them from the active list. These labels cannot be renamed because they are required for backwards compatibility with apps and playbooks.

To maintain backwards compatibility with apps and existing playbooks, if the status labels New, Open, or Closed have been deleted, ingestion apps and the REST API can still assign the statuses New, Open, and Closed to containers.

Create a status label in

To create a status label, follow these steps:

  1. From the Home menu, select Administration.
  2. Select Event Settings > Status.
  3. Click Add Item in the status category where you want to create the new status label.
  4. Type the new status name. The status label name must adhere to the following conditions:
    • Only ASCII characters a-z, 0-9, dash ( - ), or underscores ( _ ) are allowed.
    • The name cannot exceed 20 characters in length.
  5. Click Add Item.

To reorder status labels, drag the handle ( ☰ ) on the left side of the status label's input box to the desired position.

To delete a status label, click the circled x ( ⓧ ) to the right of the status label's input box.

To set the status label used as the default label for that status type, select the desired label from the drop-down list in the Default status field.

Last modified on 22 September, 2021
PREVIOUS
Use data retention strategies to schedule and manage your database cleanup
  NEXT
Create custom severity names

This documentation applies to the following versions of Splunk® SOAR (On-premises): 5.0.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters